Develop Reference

Unable to connect to Office 365 SMTP Server via Jakarta Mail using OAuth 2

I am currently trying to integrate OAuth2 into an existing e-mail infrastructure of a java application. The application is using Jakarta mail, which according to their documentation supports OAuth2 (https://eclipse-ee4j.github.io/mail/OAuth2). For some reason I am struggeling to connect to the Office 365 SMTP Server, while connecting via IMAP works perfectly fine. So here is what I have been doing so far:
Create Office 365 Developer Account, populate with users and user data.
Log into the azure backend, configure an app registration, including callback url etc. and the following api rights: https://i.stack.imgur.com/lXjER.png
Use the following authentication url to create an authentication code:
https://login.microsoftonline.com/{my_tenant_id}/oauth2/v2.0/authorize?
client_id={my_client_id}&
state=state_to_check&
redirect_uri=http://localhost:5555/callback/authorization&
scope=offline_access https://outlook.office.com/IMAP.AccessAsUser.All https://outlook.office.com/POP.AccessAsUser.All https://outlook.office.com/SMTP.Send
&response_type=code
As you can see i am using the following scopes:
offline_access
https://outlook.office.com/IMAP.AccessAsUser.All
https://outlook.office.com/POP.AccessAsUser.All
https://outlook.office.com/SMTP.Send
Retrieve the authorization code and use it to get refresh and access token, which gets me the following response:
{
"token_type": "Bearer",
"scope": "https://outlook.office.com/IMAP.AccessAsUser.All https://outlook.office.com/Mail.Read https://outlook.office.com/Mail.Read.All https://outlook.office.com/Mail.Read.Shared https://outlook.office.com/Mail.ReadBasic https://outlook.office.com/Mail.ReadWrite https://outlook.office.com/Mail.Send https://outlook.office.com/Mail.Send.All https://outlook.office.com/Mail.Send.Shared https://outlook.office.com/POP.AccessAsUser.All https://outlook.office.com/SMTP.Send https://outlook.office.com/User.Read",
"expires_in": 3599,
"ext_expires_in": 3599,
"access_token": ...,
"refresh_token": ...
}
So I would say, everything is working as expected so far regaring the OAuth 2.0 authentication process. Now, going on to use the access token to get access to the users email account, I added the following few lines in the e-mail logic of our application to enabe IMAP via OAuth:
[more props stuff here]
if (useOauth) {
props.put("mail." + protocol + ".auth", "true");
props.put("mail." + protocol + ".auth.mechanisms", "XOAUTH2");
props.put("mail." + protocol + ".auth.login.disable", "true");
props.put("mail." + protocol + ".auth.plain.disable", "true");
}
return Session.getInstance(props);
This works perfectly fine and I can connect via IMAP, read folders, messages, etc. My problem is, if I try to modify our code in a similar way for SMTP I get the following error:
Exception in thread "main" jakarta.mail.AuthenticationFailedException: 451 4.7.0 Temporary server error. Please try again later. PRX4 [AM9P191CA0011.EURP191.PROD.OUTLOOK.COM]
at com.sun.mail.smtp.SMTPTransport$Authenticator.authenticate(SMTPTransport.java:947)
at com.sun.mail.smtp.SMTPTransport.authenticate(SMTPTransport.java:858)
at com.sun.mail.smtp.SMTPTransport.protocolConnect(SMTPTransport.java:762)
at jakarta.mail.Service.connect(Service.java:342)
at jakarta.mail.Service.connect(Service.java:222)
at jakarta.mail.Service.connect(Service.java:243)
at Application.main(Application.java:52)
I had a look through the following example application that I have found on github (https://github.com/eino-makitalo/vesa-mailtest/tree/master/src/main) and the few answers on stackoverflow to see if I have missed any properties to set specifically for SMTP but I keep running into the same error, using the following configuration:
Properties props = new Properties();
props.put("mail.smtp.auth.xoauth2.disable", "false");
props.put("mail.smtp.auth.mechanisms", "XOAUTH2");
props.put("mail.smtp.starttls.enable", "true");
props.put("mail.smtp.host","smtp.office365.com");
props.put("mail.smtp.port", "587");
props.put("mail.transport.protocol","smtp");
props.put("mail.smtp.auth", "true");
props.put("mail.smtp.auth.login.disable","true");
props.put("mail.smtp.auth.plain.disable","true");
props.put("mail.debug.auth", "true");
Session session = Session.getInstance(props);
session.setDebug(true);
Transport transport = session.getTransport("smtp");
transport.connect( username, token);
Now I am hoping, that maybe someone has run into this issue before, and can help me out. The only questions I can find regarding the exception postet above are all related to custom exchange server setups, and how you should configure DNS setup on these servers. But I dont think this should be relevant for me, as I am not trying to connect to a custom exchange server.
UPDATE:
So I tried the same configuration with the google service, and it works for both IMAP and SMTP, so it is for sure a problem with the Microsoft Services. But I am still not sure what more I can try to make it work.

Okay, found the problem: For some reason I did not think to try and explicitly request the openId scope. Not sure why, but for some reason I had it in my head that it will be requested automatically, if you don't specify it explicitly. After requesting openId explicitly both SMTP and IMAP work.

JavaMail Not Working on Amazon EC2

PROBLEM:
I'm trying to use JavaMail to send email from an EC2 Ubuntu 12.04 Server but it's not working.
BACKGROUND:
I intend to send an auto generated mail from a Tomcat Server to a few team members. I used JavaMail 1.4.7 for this task and I've successfully tried it on a local installation of Tomcat (on a personal laptop).
The next step was where I put this module on an EC2 Server but it started failing with the below given error:
ERROR:
DEBUG SMTP: AUTH LOGIN failed
javax.mail.AuthenticationFailedException: 535-5.7.1 Username and Password not accepted. Learn more at
535 5.7.1 http://support.google.com/mail/bin/answer.py?answer=14257 j13sm1603739pat.17 - gsmtp
at com.sun.mail.smtp.SMTPTransport$Authenticator.authenticate(SMTPTransport.java:826)
at com.sun.mail.smtp.SMTPTransport.authenticate(SMTPTransport.java:761)
at com.sun.mail.smtp.SMTPTransport.protocolConnect(SMTPTransport.java:685)
at javax.mail.Service.connect(Service.java:295)
at javax.mail.Service.connect(Service.java:176)
Code Snippet:
Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
Properties props = new Properties();
props.put("mail.smtps.host","smtp.gmail.com");
props.put("mail.transport.protocol", "smtp");
props.put("mail.smtps.auth", "true");
props.put("mail.smtp.debug", "true");
props.put("mail.smtp.port", 465);
props.put("mail.smtp.socketFactory.port", 465);
props.put("mail.smtp.socketFactory.class", "javax.net.ssl.SSLSocketFactory");
props.put("mail.smtp.socketFactory.fallback", "false");
props.put("mail.smtp.ssl.enable", true);
Session session = Session.getDefaultInstance(props);
session.setDebug(debug);
Message msg = new MimeMessage(session);
InternetAddress addressFrom = new InternetAddress("fromId#gmail.com");
msg.setFrom(addressFrom);
InternetAddress[] addressTo = new InternetAddress[recipients.length];
for (int i = 0; i < recipients.length; i++) {
addressTo[i] = new InternetAddress(recipients[i]);
}
msg.setRecipients(Message.RecipientType.TO, addressTo);
msg.setSubject("test subject");
msg.setContent("test message", "text/plain");
Transport tp = session.getTransport("smtp");
tp.connect(SMTP_HOST_NAME, "dummyId#gmail.com", "dummypassword");
tp.sendMessage(msg, addressTo);
tp.close();
ADDITIONAL INFO:
I've added permissions for all ports on the EC2 instance. Also, I've added explicit permissions for ports 465(SMTPS) and 25(SMTP).
I've cross checked the correctness of the username and password provided in the code.

In the past, spam sent from servers within EC2 has been a major problem for both Amazon and mail service providers. Initially, Amazon deliberately had insufficient DNS information to pass anti-spam checking of common email services (lack of DNS reverse lookup PTR records), then Amazon introduced low mail quotas, followed approval processes to give full access to EC2 or SES mail (provides specific technical setup to fully enable outgoing email).
Here's a link describing some of the history: http://shlomoswidler.com/2009/07/sending-email-from-ec2.html
While the error you're getting is a failed authentication at Gmail server, it may be (probably is) because Gmail identifies your sender IP address as a potential spammer, because you didn't setup Amazon reverse DNS lookup properties correctly.
Setup Amazon Reverse DNS lookup details, so that your mail is not detected as spam by Gmail. It seems this can only be done by submitting a request form to lift Email Sending quota. From Amazon EC2 IP Information FAQs:
Q: Can I configure the reverse DNS record for my Elastic IP address?
Yes, you can configure the reverse DNS record of your Elastic IP
address (submit the Request to Remove Email Sending Limitations
Form). Note that a corresponding forward DNS record pointing to
that Elastic IP address must exist before we can create the reverse
DNS record.
Here's an example of an email sent out by Amazon when an email quota is exhausted - again spelling out request & approval for DNS PTR configuration: http://www.practicalclouds.com/content/guide/sending-email-ec2-instances
Precisely follow all the instructions in the link included in you Gmail error message: http://support.google.com/mail/bin/answer.py?answer=14257. This will reset your Gmail account status, if Gmail thinks your account is spamming from your IP address.
Alternatively, you can send mail via Amazon SES, also requiring request, approval and appropriate Amazon-provided configuration. This allows mail to be sent via com.amazonaws.services.simpleemail.AmazonSimpleEmailServiceClient.sendEmail. If you use this, add authorisation for your code to sendmail: Unable to send email from Amazon EC2 Server in Java.

Unrecognized SSL message, plaintext connection? Exception

I have a java complied package to speak with the https server on net. Running the compilation gives the following exception:
javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
at com.sun.net.ssl.internal.ssl.InputRecord.handleUnknownRecord(Unknown Source)
at com.sun.net.ssl.internal.ssl.InputRecord.read(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(Unknown Source)
I think this is due to the connection established with the client machine is not secure. Is there any way to configure the local machine or ports in order to connect to the remote https server?

I think this is due to the connection
established with the client machine is
not secure.
It is due to the fact that you are talking to an HTTP server, not an HTTPS server. Probably you didn't use the correct port number for HTTPS.

javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
You should have a local SMTP domain name that will contact the mail server and establishes a new connection as well you should change the SSL property in your programming below
javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection
props.put("mail.smtp.socketFactory.fallback", "true"); // Should be true

I got the same error message when I forgot to log in to the company firewall, before performing a POST request through a proxy.

I got the same error. it was because I was accessing the https port using http.. The issue solved when I changed http to https.

Adding this as an answer as it might help someone later.
I had to force jvm to use the IPv4 stack to resolve the error. My application used to work within company network, but while connecting from home it gave the same exception. No proxy involved. Added the jvm argument
-Djava.net.preferIPv4Stack=true and all the https requests were behaving normally.

If you are running local using spring i'd suggest use:
#Bean
public AmazonDynamoDB amazonDynamoDB() throws IOException {
return AmazonDynamoDBClientBuilder.standard()
.withCredentials(
new AWSStaticCredentialsProvider(
new BasicAWSCredentials("fake", "credencial")
)
)
.withClientConfiguration(new ClientConfigurationFactory().getConfig().withProtocol(Protocol.HTTP))
.withEndpointConfiguration(new AwsClientBuilder.EndpointConfiguration("localhost:8443", "central"))
.build();
}
It works for me using unit test.
Hope it's help!

I face the same issue from Java application built in Jdevelopr 11.1.1.7 IDE. I solved the issue by unchecking the use of proxy form Project properties.
You can find it in the following:
Project Properties -> (from left panle )Run/Debug/Profile ->Click (edit) form the right panel -> Tool Setting from the left panel -> uncheck (Use Proxy) option.

i solved my problem using port 25 and Following prop
mailSender.javaMailProperties.putAll([
"mail.smtp.auth": "true",
"mail.smtp.starttls.enable": "false",
"mail.smtp.ssl.enable": "false",
"mail.smtp.socketFactory.fallback": "true",
]);

In case you use Jetty version 9 or earlier you need to add it to jetty
by
RUN java -jar ${JETTY_HOME}/start.jar --add-to-startd=https
and according to this
Jetty: How to use SSL in Jetty client side
from Jetty version 10 it should work out of the box

In case you are running
Cisco AnyConnect Secure Mobility Agent
Cisco AnyConnect Web Security Agent
try stopping the service(s).
In our corporate network this IS the solution to the issue.

It worked for me now, I have change the setting of my google account as below:
System.out.println("Start");
final String username = "myemail#gmail.com";
final String password = "************";
Properties props = new Properties();
props.put("mail.smtp.auth", "true");
props.put("mail.smtp.host", "smtp.gmail.com");
props.put("mail.smtp.port", "465");
props.put("mail.transport.protocol", "smtp");
props.put("mail.smtp.starttls.enable", "true");
props.put("mail.smtp.starttls.enable", "true");
props.put("mail.smtp.socketFactory.class", "javax.net.ssl.SSLSocketFactory");
Session session = Session.getInstance(props,
new javax.mail.Authenticator() {
protected PasswordAuthentication getPasswordAuthentication() {
return new PasswordAuthentication(username, password);
}
});
try {
Transport transport=session.getTransport();
Message message = new MimeMessage(session);
message.setFrom(new InternetAddress("myemail#gmail.com"));//formBean.getString("fromEmail")
message.setRecipients(Message.RecipientType.TO,InternetAddress.parse("myemail#gmail.com"));
message.setSubject("subject");//formBean.getString(
message.setText("mailBody");
transport.connect();
transport.send(message, InternetAddress.parse("myemail#gmail.com"));//(message);
System.out.println("Done");
} catch (MessagingException e) {
System.out.println("e="+e);
e.printStackTrace();
throw new RuntimeException(e);
}
Though I have enabled SSL and TSL while running program in this link of same post. I spend a lot of time but than I realized and found this link.
And done 2 following steps and setting control in google. :
Disable the 2-step verification (password and OTP)
Enabling to allow to access less secure app(Allow less secure apps:
ON.)
Now I am able to send mail using above program.

As EJP said, it's a message shown because of a call to a non-https protocol.
If you are sure it is HTTPS, check your bypass proxy settings, and in case add your webservice host url to the bypass proxy list

if connection is FTPS test:
FTPSClient ftpClient = new FTPSClient(protocol, false);
protocol = TLS,SSL
and false = isImplicit.

I got the same issue and it got resolved by setting "proxyUser" and "proxyPassword" in system properties.
System.setProperty("http.proxyUser", PROXY_USER);
System.setProperty("http.proxyPassword", PROXY_PASSWORD);
along with "proxyHost" and "proxyPort"
System.setProperty("http.proxyHost", PROXY_ADDRESS);
System.setProperty("http.proxyPort", PROXY_PORT);
Hope it will work.

I was facing this exception when using Gmail.
In order to use Gmail I had to turn ON "Allow less secure apps".
This Gmail setting can be found at https://www.google.com/settings/security/lesssecureapps after login the gmail account.

I've got similar error using camel-mail component to send e-mails by gmail smtp.
The solution was changing from TLS port (587) to SSL port (465) as below:
<route id="sendMail">
<from uri="jason:toEmail"/>
<convertBodyTo type="java.lang.String"/>
<setHeader headerName="Subject"><constant>Something</constant></setHeader>
<to uri="smtps://smtp.gmail.com:465?username=myemail#gmail.com&password=mypw&to=someemail#gmail.com&debugMode=true&mail.smtp.starttls.enable=true"/>
</route>

Maybe your default cerficate has expired. to renew it through admin console go "Security >SSL certificate and key management > Key stores and certificates > NodeDefaultKeyStore > Personal certificates" select the "default" alias and click on "renew" after then restart WAS.

If you're running the Java process from the command line on Java 6 or earlier, adding this switch solved the issue above for me:
-Dhttps.protocols="TLSv1"

error in retrieving mail through a proxy

we are retrieving mail from gmail server.we could connect to the gmail server without proxy. As there is a proxy setting in our college we couldn't connect to the gmailserver even after setting the system properties. we could connect to gmail.com from our browser but we couldn't connect from our program.
Properties props = System.getProperties();
props.setProperty("http.proxyHost", "proxyhost");
props.setProperty("http.proxyPort", "proxynumber");
props.setProperty( "mail.imap.socketFactory.class", SSL_FACTORY);
props.setProperty( "mail.imap.socketFactory.fallback", "false");
props.setProperty( "mail.imap.port", "993");
props.setProperty( "mail.imap.socketFactory.port", "993");
props.put("mail.imap.host", "imap.gmail.com");
Session session = Session.getDefaultInstance(props, null);
store = session.getStore("imap");
store.connect(dialog.getServer(),dialog.getUsername(),dialog.getPassword());
we get this exception
java.net.UnknownHostException: imap.gmail.com
at com.sun.mail.imap.IMAPStore.protocolConnect(IMAPStore.java:618)
at javax.mail.Service.connect(Service.java:291)
at javax.mail.Service.connect(Service.java:172)
at EmailClient.connect(EmailClient.java:373)
at EmailClient.main(EmailClient.java:475)
by: java.net.UnknownHostException: imap.gmail.com
at java.net.PlainSocketImpl.connect(Unknown Source)
at java.net.SocksSocketImpl.connect(Unknown Source)
at java.net.Socket.connect(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.connect(Unknown Source)
at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.connect(Unknown Source
at com.sun.mail.util.SocketFetcher.createSocket(SocketFetcher.java:284)
at com.sun.mail.util.SocketFetcher.getSocket(SocketFetcher.java:201)
at com.sun.mail.iap.Protocol.<init>(Protocol.java:109)
at com.sun.mail.imap.protocol.IMAPProtocol.<init>(IMAPProtocol.java:104)
at com.sun.mail.imap.IMAPStore.protocolConnect(IMAPStore.java:585)

Chances are that your proxy uses NTLM authentication, I've had issues in the past with Java and NTLM authentication. Not sure if it is actually the proxy giving you issues though.
In any which case, instead of using the JavaMail API directly you might want to have a look at using the GMail API for Java g4j. It will abstract away most of the complexities of dealing with gmail in general.
Happy Coding!

JavaMail does not currently support accessing mail servers
through a web proxy server.
If your proxy server supports the SOCKS V4 or V5 protocol and allows
anonymous connections, and you're using JDK 1.5 or newer and JavaMail
1.4.5 or newer, you can configure a SOCKS proxy

Java Proxy client class that supports authentication

I'm looking for a java socks Proxy client class that supports authetication, any suggestions? The java.net.Proxy does not support authentication.
Edit:
I can't seem to find a way that would attach authentication data to particular proxy host via socket. Authenticator.setDefault() allows only one set of credential.
Authenticator.setDefault(new Authenticator(){
protected PasswordAuthentication getPasswordAuthentication(){
PasswordAuthentication p=new PasswordAuthentication("xxx", "xxx".toCharArray());
return p;
}
});
Proxy proxy = new Proxy(Proxy.Type.SOCKS, new InetSocketAddress("xxx.xx.xxx.xxx", xxx));
Socket sock = new Socket(proxy);
sock.connect(new InetSocketAddress(server,xx));

Java supports Socks proxy configuration via a registered java.net.Authenticator or via preferences as documented in the Networking Properties:
SOCKS protocol support settings
The SOCKS username and password are
acquired in the following way. First,
if the application has registered a
java.net.Authenticator default
instance, then this will be queried
with the protocol set to the string
"SOCKS5", and the prompt set to to the
string "SOCKS authentication". If the
authenticator does not return a
username/password or if no
authenticator is registered then the
system checks for the user preferences
"java.net.socks.username" and
"java.net.socks.password". If these
preferences do not exist, then the
system property "user.name" is checked
for a username. In this case, no
password is supplied.
socksProxyHost
socksProxyPort (default: 1080)
Indicates the name of the SOCKS proxy server and the port number that will be used by the SOCKS protocol layer. If socksProxyHost is specified then all TCP sockets will use the SOCKS proxy server to establish a connection or accept one. The SOCKS proxy server can either be a SOCKS v4 or v5 server and it has to allow for unauthenticated connections.
For client code examples, you can check this answer on Stack Overflow.
EDIT: Update of the answer as per comment
The side effect of the SOCKS support in JDK is that your whole JVM will go through the same SOCKS proxy. So this may not work for you.
The Authenticator affects all authentication in your JVM (HTTP auth, Proxy Auth). So again, this may not work for you.
In your case, a possible solution would be to use HttpClient from HttpComponents (the successor of the legacy Commons HTTP Client 3.x). Check out the samples and especially the Request via a proxy and Proxy authentication examples.

Use this HttpClient (Not Apache's),
http://www.innovation.ch/java/HTTPClient/
This is simply an URL handler so you can use the usual HTTPUrlConnection. It supports SOCKS and other proxy.